projects / releases.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
GNU Linux-libre 4.19.242-gnu1
[releases.git] / drivers / tee / tee_core.c
1 /*
2  * Copyright (c) 2015-2016, Linaro Limited
3  *
4  * This software is licensed under the terms of the GNU General Public
5  * License version 2, as published by the Free Software Foundation, and
6  * may be copied, distributed, and modified under those terms.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  *
13  */
14
15 #define pr_fmt(fmt) "%s: " fmt, __func__
16
17 #include <linux/cdev.h>
18 #include <linux/device.h>
19 #include <linux/fs.h>
20 #include <linux/idr.h>
21 #include <linux/module.h>
22 #include <linux/slab.h>
23 #include <linux/tee_drv.h>
24 #include <linux/uaccess.h>
25 #include "tee_private.h"
26
27 #define TEE_NUM_DEVICES 32
28
29 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x))
30
31 /*
32  * Unprivileged devices in the lower half range and privileged devices in
33  * the upper half range.
34  */
35 static DECLARE_BITMAP(dev_mask, TEE_NUM_DEVICES);
36 static DEFINE_SPINLOCK(driver_lock);
37
38 static struct class *tee_class;
39 static dev_t tee_devt;
40
41 static int tee_open(struct inode *inode, struct file *filp)
42 {
43         int rc;
44         struct tee_device *teedev;
45         struct tee_context *ctx;
46
47         teedev = container_of(inode->i_cdev, struct tee_device, cdev);
48         if (!tee_device_get(teedev))
49                 return -EINVAL;
50
51         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
52         if (!ctx) {
53                 rc = -ENOMEM;
54                 goto err;
55         }
56
57         kref_init(&ctx->refcount);
58         ctx->teedev = teedev;
59         INIT_LIST_HEAD(&ctx->list_shm);
60         filp->private_data = ctx;
61         rc = teedev->desc->ops->open(ctx);
62         if (rc)
63                 goto err;
64
65         return 0;
66 err:
67         kfree(ctx);
68         tee_device_put(teedev);
69         return rc;
70 }
71
72 void teedev_ctx_get(struct tee_context *ctx)
73 {
74         if (ctx->releasing)
75                 return;
76
77         kref_get(&ctx->refcount);
78 }
79
80 static void teedev_ctx_release(struct kref *ref)
81 {
82         struct tee_context *ctx = container_of(ref, struct tee_context,
83                                                refcount);
84         ctx->releasing = true;
85         ctx->teedev->desc->ops->release(ctx);
86         kfree(ctx);
87 }
88
89 void teedev_ctx_put(struct tee_context *ctx)
90 {
91         if (ctx->releasing)
92                 return;
93
94         kref_put(&ctx->refcount, teedev_ctx_release);
95 }
96
97 static void teedev_close_context(struct tee_context *ctx)
98 {
99         struct tee_device *teedev = ctx->teedev;
100
101         teedev_ctx_put(ctx);
102         tee_device_put(teedev);
103 }
104
105 static int tee_release(struct inode *inode, struct file *filp)
106 {
107         teedev_close_context(filp->private_data);
108         return 0;
109 }
110
111 static int tee_ioctl_version(struct tee_context *ctx,
112                              struct tee_ioctl_version_data __user *uvers)
113 {
114         struct tee_ioctl_version_data vers;
115
116         ctx->teedev->desc->ops->get_version(ctx->teedev, &vers);
117
118         if (ctx->teedev->desc->flags & TEE_DESC_PRIVILEGED)
119                 vers.gen_caps |= TEE_GEN_CAP_PRIVILEGED;
120
121         if (copy_to_user(uvers, &vers, sizeof(vers)))
122                 return -EFAULT;
123
124         return 0;
125 }
126
127 static int tee_ioctl_shm_alloc(struct tee_context *ctx,
128                                struct tee_ioctl_shm_alloc_data __user *udata)
129 {
130         long ret;
131         struct tee_ioctl_shm_alloc_data data;
132         struct tee_shm *shm;
133
134         if (copy_from_user(&data, udata, sizeof(data)))
135                 return -EFAULT;
136
137         /* Currently no input flags are supported */
138         if (data.flags)
139                 return -EINVAL;
140
141         shm = tee_shm_alloc(ctx, data.size, TEE_SHM_MAPPED | TEE_SHM_DMA_BUF);
142         if (IS_ERR(shm))
143                 return PTR_ERR(shm);
144
145         data.id = shm->id;
146         data.flags = shm->flags;
147         data.size = shm->size;
148
149         if (copy_to_user(udata, &data, sizeof(data)))
150                 ret = -EFAULT;
151         else
152                 ret = tee_shm_get_fd(shm);
153
154         /*
155          * When user space closes the file descriptor the shared memory
156          * should be freed or if tee_shm_get_fd() failed then it will
157          * be freed immediately.
158          */
159         tee_shm_put(shm);
160         return ret;
161 }
162
163 static int
164 tee_ioctl_shm_register(struct tee_context *ctx,
165                        struct tee_ioctl_shm_register_data __user *udata)
166 {
167         long ret;
168         struct tee_ioctl_shm_register_data data;
169         struct tee_shm *shm;
170
171         if (copy_from_user(&data, udata, sizeof(data)))
172                 return -EFAULT;
173
174         /* Currently no input flags are supported */
175         if (data.flags)
176                 return -EINVAL;
177
178         shm = tee_shm_register(ctx, data.addr, data.length,
179                                TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
180         if (IS_ERR(shm))
181                 return PTR_ERR(shm);
182
183         data.id = shm->id;
184         data.flags = shm->flags;
185         data.length = shm->size;
186
187         if (copy_to_user(udata, &data, sizeof(data)))
188                 ret = -EFAULT;
189         else
190                 ret = tee_shm_get_fd(shm);
191         /*
192          * When user space closes the file descriptor the shared memory
193          * should be freed or if tee_shm_get_fd() failed then it will
194          * be freed immediately.
195          */
196         tee_shm_put(shm);
197         return ret;
198 }
199
200 static int params_from_user(struct tee_context *ctx, struct tee_param *params,
201                             size_t num_params,
202                             struct tee_ioctl_param __user *uparams)
203 {
204         size_t n;
205
206         for (n = 0; n < num_params; n++) {
207                 struct tee_shm *shm;
208                 struct tee_ioctl_param ip;
209
210                 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
211                         return -EFAULT;
212
213                 /* All unused attribute bits has to be zero */
214                 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
215                         return -EINVAL;
216
217                 params[n].attr = ip.attr;
218                 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
219                 case TEE_IOCTL_PARAM_ATTR_TYPE_NONE:
220                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
221                         break;
222                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
223                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
224                         params[n].u.value.a = ip.a;
225                         params[n].u.value.b = ip.b;
226                         params[n].u.value.c = ip.c;
227                         break;
228                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
229                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
230                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
231                         /*
232                          * If we fail to get a pointer to a shared memory
233                          * object (and increase the ref count) from an
234                          * identifier we return an error. All pointers that
235                          * has been added in params have an increased ref
236                          * count. It's the callers responibility to do
237                          * tee_shm_put() on all resolved pointers.
238                          */
239                         shm = tee_shm_get_from_id(ctx, ip.c);
240                         if (IS_ERR(shm))
241                                 return PTR_ERR(shm);
242
243                         /*
244                          * Ensure offset + size does not overflow offset
245                          * and does not overflow the size of the referred
246                          * shared memory object.
247                          */
248                         if ((ip.a + ip.b) < ip.a ||
249                             (ip.a + ip.b) > shm->size) {
250                                 tee_shm_put(shm);
251                                 return -EINVAL;
252                         }
253
254                         params[n].u.memref.shm_offs = ip.a;
255                         params[n].u.memref.size = ip.b;
256                         params[n].u.memref.shm = shm;
257                         break;
258                 default:
259                         /* Unknown attribute */
260                         return -EINVAL;
261                 }
262         }
263         return 0;
264 }
265
266 static int params_to_user(struct tee_ioctl_param __user *uparams,
267                           size_t num_params, struct tee_param *params)
268 {
269         size_t n;
270
271         for (n = 0; n < num_params; n++) {
272                 struct tee_ioctl_param __user *up = uparams + n;
273                 struct tee_param *p = params + n;
274
275                 switch (p->attr) {
276                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
277                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
278                         if (put_user(p->u.value.a, &up->a) ||
279                             put_user(p->u.value.b, &up->b) ||
280                             put_user(p->u.value.c, &up->c))
281                                 return -EFAULT;
282                         break;
283                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
284                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
285                         if (put_user((u64)p->u.memref.size, &up->b))
286                                 return -EFAULT;
287                 default:
288                         break;
289                 }
290         }
291         return 0;
292 }
293
294 static int tee_ioctl_open_session(struct tee_context *ctx,
295                                   struct tee_ioctl_buf_data __user *ubuf)
296 {
297         int rc;
298         size_t n;
299         struct tee_ioctl_buf_data buf;
300         struct tee_ioctl_open_session_arg __user *uarg;
301         struct tee_ioctl_open_session_arg arg;
302         struct tee_ioctl_param __user *uparams = NULL;
303         struct tee_param *params = NULL;
304         bool have_session = false;
305
306         if (!ctx->teedev->desc->ops->open_session)
307                 return -EINVAL;
308
309         if (copy_from_user(&buf, ubuf, sizeof(buf)))
310                 return -EFAULT;
311
312         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
313             buf.buf_len < sizeof(struct tee_ioctl_open_session_arg))
314                 return -EINVAL;
315
316         uarg = u64_to_user_ptr(buf.buf_ptr);
317         if (copy_from_user(&arg, uarg, sizeof(arg)))
318                 return -EFAULT;
319
320         if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
321                 return -EINVAL;
322
323         if (arg.num_params) {
324                 params = kcalloc(arg.num_params, sizeof(struct tee_param),
325                                  GFP_KERNEL);
326                 if (!params)
327                         return -ENOMEM;
328                 uparams = uarg->params;
329                 rc = params_from_user(ctx, params, arg.num_params, uparams);
330                 if (rc)
331                         goto out;
332         }
333
334         rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
335         if (rc)
336                 goto out;
337         have_session = true;
338
339         if (put_user(arg.session, &uarg->session) ||
340             put_user(arg.ret, &uarg->ret) ||
341             put_user(arg.ret_origin, &uarg->ret_origin)) {
342                 rc = -EFAULT;
343                 goto out;
344         }
345         rc = params_to_user(uparams, arg.num_params, params);
346 out:
347         /*
348          * If we've succeeded to open the session but failed to communicate
349          * it back to user space, close the session again to avoid leakage.
350          */
351         if (rc && have_session && ctx->teedev->desc->ops->close_session)
352                 ctx->teedev->desc->ops->close_session(ctx, arg.session);
353
354         if (params) {
355                 /* Decrease ref count for all valid shared memory pointers */
356                 for (n = 0; n < arg.num_params; n++)
357                         if (tee_param_is_memref(params + n) &&
358                             params[n].u.memref.shm)
359                                 tee_shm_put(params[n].u.memref.shm);
360                 kfree(params);
361         }
362
363         return rc;
364 }
365
366 static int tee_ioctl_invoke(struct tee_context *ctx,
367                             struct tee_ioctl_buf_data __user *ubuf)
368 {
369         int rc;
370         size_t n;
371         struct tee_ioctl_buf_data buf;
372         struct tee_ioctl_invoke_arg __user *uarg;
373         struct tee_ioctl_invoke_arg arg;
374         struct tee_ioctl_param __user *uparams = NULL;
375         struct tee_param *params = NULL;
376
377         if (!ctx->teedev->desc->ops->invoke_func)
378                 return -EINVAL;
379
380         if (copy_from_user(&buf, ubuf, sizeof(buf)))
381                 return -EFAULT;
382
383         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
384             buf.buf_len < sizeof(struct tee_ioctl_invoke_arg))
385                 return -EINVAL;
386
387         uarg = u64_to_user_ptr(buf.buf_ptr);
388         if (copy_from_user(&arg, uarg, sizeof(arg)))
389                 return -EFAULT;
390
391         if (sizeof(arg) + TEE_IOCTL_PARAM_SIZE(arg.num_params) != buf.buf_len)
392                 return -EINVAL;
393
394         if (arg.num_params) {
395                 params = kcalloc(arg.num_params, sizeof(struct tee_param),
396                                  GFP_KERNEL);
397                 if (!params)
398                         return -ENOMEM;
399                 uparams = uarg->params;
400                 rc = params_from_user(ctx, params, arg.num_params, uparams);
401                 if (rc)
402                         goto out;
403         }
404
405         rc = ctx->teedev->desc->ops->invoke_func(ctx, &arg, params);
406         if (rc)
407                 goto out;
408
409         if (put_user(arg.ret, &uarg->ret) ||
410             put_user(arg.ret_origin, &uarg->ret_origin)) {
411                 rc = -EFAULT;
412                 goto out;
413         }
414         rc = params_to_user(uparams, arg.num_params, params);
415 out:
416         if (params) {
417                 /* Decrease ref count for all valid shared memory pointers */
418                 for (n = 0; n < arg.num_params; n++)
419                         if (tee_param_is_memref(params + n) &&
420                             params[n].u.memref.shm)
421                                 tee_shm_put(params[n].u.memref.shm);
422                 kfree(params);
423         }
424         return rc;
425 }
426
427 static int tee_ioctl_cancel(struct tee_context *ctx,
428                             struct tee_ioctl_cancel_arg __user *uarg)
429 {
430         struct tee_ioctl_cancel_arg arg;
431
432         if (!ctx->teedev->desc->ops->cancel_req)
433                 return -EINVAL;
434
435         if (copy_from_user(&arg, uarg, sizeof(arg)))
436                 return -EFAULT;
437
438         return ctx->teedev->desc->ops->cancel_req(ctx, arg.cancel_id,
439                                                   arg.session);
440 }
441
442 static int
443 tee_ioctl_close_session(struct tee_context *ctx,
444                         struct tee_ioctl_close_session_arg __user *uarg)
445 {
446         struct tee_ioctl_close_session_arg arg;
447
448         if (!ctx->teedev->desc->ops->close_session)
449                 return -EINVAL;
450
451         if (copy_from_user(&arg, uarg, sizeof(arg)))
452                 return -EFAULT;
453
454         return ctx->teedev->desc->ops->close_session(ctx, arg.session);
455 }
456
457 static int params_to_supp(struct tee_context *ctx,
458                           struct tee_ioctl_param __user *uparams,
459                           size_t num_params, struct tee_param *params)
460 {
461         size_t n;
462
463         for (n = 0; n < num_params; n++) {
464                 struct tee_ioctl_param ip;
465                 struct tee_param *p = params + n;
466
467                 ip.attr = p->attr;
468                 switch (p->attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
469                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT:
470                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
471                         ip.a = p->u.value.a;
472                         ip.b = p->u.value.b;
473                         ip.c = p->u.value.c;
474                         break;
475                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT:
476                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
477                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
478                         ip.b = p->u.memref.size;
479                         if (!p->u.memref.shm) {
480                                 ip.a = 0;
481                                 ip.c = (u64)-1; /* invalid shm id */
482                                 break;
483                         }
484                         ip.a = p->u.memref.shm_offs;
485                         ip.c = p->u.memref.shm->id;
486                         break;
487                 default:
488                         ip.a = 0;
489                         ip.b = 0;
490                         ip.c = 0;
491                         break;
492                 }
493
494                 if (copy_to_user(uparams + n, &ip, sizeof(ip)))
495                         return -EFAULT;
496         }
497
498         return 0;
499 }
500
501 static int tee_ioctl_supp_recv(struct tee_context *ctx,
502                                struct tee_ioctl_buf_data __user *ubuf)
503 {
504         int rc;
505         struct tee_ioctl_buf_data buf;
506         struct tee_iocl_supp_recv_arg __user *uarg;
507         struct tee_param *params;
508         u32 num_params;
509         u32 func;
510
511         if (!ctx->teedev->desc->ops->supp_recv)
512                 return -EINVAL;
513
514         if (copy_from_user(&buf, ubuf, sizeof(buf)))
515                 return -EFAULT;
516
517         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
518             buf.buf_len < sizeof(struct tee_iocl_supp_recv_arg))
519                 return -EINVAL;
520
521         uarg = u64_to_user_ptr(buf.buf_ptr);
522         if (get_user(num_params, &uarg->num_params))
523                 return -EFAULT;
524
525         if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) != buf.buf_len)
526                 return -EINVAL;
527
528         params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
529         if (!params)
530                 return -ENOMEM;
531
532         rc = params_from_user(ctx, params, num_params, uarg->params);
533         if (rc)
534                 goto out;
535
536         rc = ctx->teedev->desc->ops->supp_recv(ctx, &func, &num_params, params);
537         if (rc)
538                 goto out;
539
540         if (put_user(func, &uarg->func) ||
541             put_user(num_params, &uarg->num_params)) {
542                 rc = -EFAULT;
543                 goto out;
544         }
545
546         rc = params_to_supp(ctx, uarg->params, num_params, params);
547 out:
548         kfree(params);
549         return rc;
550 }
551
552 static int params_from_supp(struct tee_param *params, size_t num_params,
553                             struct tee_ioctl_param __user *uparams)
554 {
555         size_t n;
556
557         for (n = 0; n < num_params; n++) {
558                 struct tee_param *p = params + n;
559                 struct tee_ioctl_param ip;
560
561                 if (copy_from_user(&ip, uparams + n, sizeof(ip)))
562                         return -EFAULT;
563
564                 /* All unused attribute bits has to be zero */
565                 if (ip.attr & ~TEE_IOCTL_PARAM_ATTR_MASK)
566                         return -EINVAL;
567
568                 p->attr = ip.attr;
569                 switch (ip.attr & TEE_IOCTL_PARAM_ATTR_TYPE_MASK) {
570                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT:
571                 case TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT:
572                         /* Only out and in/out values can be updated */
573                         p->u.value.a = ip.a;
574                         p->u.value.b = ip.b;
575                         p->u.value.c = ip.c;
576                         break;
577                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT:
578                 case TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT:
579                         /*
580                          * Only the size of the memref can be updated.
581                          * Since we don't have access to the original
582                          * parameters here, only store the supplied size.
583                          * The driver will copy the updated size into the
584                          * original parameters.
585                          */
586                         p->u.memref.shm = NULL;
587                         p->u.memref.shm_offs = 0;
588                         p->u.memref.size = ip.b;
589                         break;
590                 default:
591                         memset(&p->u, 0, sizeof(p->u));
592                         break;
593                 }
594         }
595         return 0;
596 }
597
598 static int tee_ioctl_supp_send(struct tee_context *ctx,
599                                struct tee_ioctl_buf_data __user *ubuf)
600 {
601         long rc;
602         struct tee_ioctl_buf_data buf;
603         struct tee_iocl_supp_send_arg __user *uarg;
604         struct tee_param *params;
605         u32 num_params;
606         u32 ret;
607
608         /* Not valid for this driver */
609         if (!ctx->teedev->desc->ops->supp_send)
610                 return -EINVAL;
611
612         if (copy_from_user(&buf, ubuf, sizeof(buf)))
613                 return -EFAULT;
614
615         if (buf.buf_len > TEE_MAX_ARG_SIZE ||
616             buf.buf_len < sizeof(struct tee_iocl_supp_send_arg))
617                 return -EINVAL;
618
619         uarg = u64_to_user_ptr(buf.buf_ptr);
620         if (get_user(ret, &uarg->ret) ||
621             get_user(num_params, &uarg->num_params))
622                 return -EFAULT;
623
624         if (sizeof(*uarg) + TEE_IOCTL_PARAM_SIZE(num_params) > buf.buf_len)
625                 return -EINVAL;
626
627         params = kcalloc(num_params, sizeof(struct tee_param), GFP_KERNEL);
628         if (!params)
629                 return -ENOMEM;
630
631         rc = params_from_supp(params, num_params, uarg->params);
632         if (rc)
633                 goto out;
634
635         rc = ctx->teedev->desc->ops->supp_send(ctx, ret, num_params, params);
636 out:
637         kfree(params);
638         return rc;
639 }
640
641 static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
642 {
643         struct tee_context *ctx = filp->private_data;
644         void __user *uarg = (void __user *)arg;
645
646         switch (cmd) {
647         case TEE_IOC_VERSION:
648                 return tee_ioctl_version(ctx, uarg);
649         case TEE_IOC_SHM_ALLOC:
650                 return tee_ioctl_shm_alloc(ctx, uarg);
651         case TEE_IOC_SHM_REGISTER:
652                 return tee_ioctl_shm_register(ctx, uarg);
653         case TEE_IOC_OPEN_SESSION:
654                 return tee_ioctl_open_session(ctx, uarg);
655         case TEE_IOC_INVOKE:
656                 return tee_ioctl_invoke(ctx, uarg);
657         case TEE_IOC_CANCEL:
658                 return tee_ioctl_cancel(ctx, uarg);
659         case TEE_IOC_CLOSE_SESSION:
660                 return tee_ioctl_close_session(ctx, uarg);
661         case TEE_IOC_SUPPL_RECV:
662                 return tee_ioctl_supp_recv(ctx, uarg);
663         case TEE_IOC_SUPPL_SEND:
664                 return tee_ioctl_supp_send(ctx, uarg);
665         default:
666                 return -EINVAL;
667         }
668 }
669
670 static const struct file_operations tee_fops = {
671         .owner = THIS_MODULE,
672         .open = tee_open,
673         .release = tee_release,
674         .unlocked_ioctl = tee_ioctl,
675         .compat_ioctl = tee_ioctl,
676 };
677
678 static void tee_release_device(struct device *dev)
679 {
680         struct tee_device *teedev = container_of(dev, struct tee_device, dev);
681
682         spin_lock(&driver_lock);
683         clear_bit(teedev->id, dev_mask);
684         spin_unlock(&driver_lock);
685         mutex_destroy(&teedev->mutex);
686         idr_destroy(&teedev->idr);
687         kfree(teedev);
688 }
689
690 /**
691  * tee_device_alloc() - Allocate a new struct tee_device instance
692  * @teedesc:    Descriptor for this driver
693  * @dev:        Parent device for this device
694  * @pool:       Shared memory pool, NULL if not used
695  * @driver_data: Private driver data for this device
696  *
697  * Allocates a new struct tee_device instance. The device is
698  * removed by tee_device_unregister().
699  *
700  * @returns a pointer to a 'struct tee_device' or an ERR_PTR on failure
701  */
702 struct tee_device *tee_device_alloc(const struct tee_desc *teedesc,
703                                     struct device *dev,
704                                     struct tee_shm_pool *pool,
705                                     void *driver_data)
706 {
707         struct tee_device *teedev;
708         void *ret;
709         int rc, max_id;
710         int offs = 0;
711
712         if (!teedesc || !teedesc->name || !teedesc->ops ||
713             !teedesc->ops->get_version || !teedesc->ops->open ||
714             !teedesc->ops->release || !pool)
715                 return ERR_PTR(-EINVAL);
716
717         teedev = kzalloc(sizeof(*teedev), GFP_KERNEL);
718         if (!teedev) {
719                 ret = ERR_PTR(-ENOMEM);
720                 goto err;
721         }
722
723         max_id = TEE_NUM_DEVICES / 2;
724
725         if (teedesc->flags & TEE_DESC_PRIVILEGED) {
726                 offs = TEE_NUM_DEVICES / 2;
727                 max_id = TEE_NUM_DEVICES;
728         }
729
730         spin_lock(&driver_lock);
731         teedev->id = find_next_zero_bit(dev_mask, max_id, offs);
732         if (teedev->id < max_id)
733                 set_bit(teedev->id, dev_mask);
734         spin_unlock(&driver_lock);
735
736         if (teedev->id >= max_id) {
737                 ret = ERR_PTR(-ENOMEM);
738                 goto err;
739         }
740
741         snprintf(teedev->name, sizeof(teedev->name), "tee%s%d",
742                  teedesc->flags & TEE_DESC_PRIVILEGED ? "priv" : "",
743                  teedev->id - offs);
744
745         teedev->dev.class = tee_class;
746         teedev->dev.release = tee_release_device;
747         teedev->dev.parent = dev;
748
749         teedev->dev.devt = MKDEV(MAJOR(tee_devt), teedev->id);
750
751         rc = dev_set_name(&teedev->dev, "%s", teedev->name);
752         if (rc) {
753                 ret = ERR_PTR(rc);
754                 goto err_devt;
755         }
756
757         cdev_init(&teedev->cdev, &tee_fops);
758         teedev->cdev.owner = teedesc->owner;
759         teedev->cdev.kobj.parent = &teedev->dev.kobj;
760
761         dev_set_drvdata(&teedev->dev, driver_data);
762         device_initialize(&teedev->dev);
763
764         /* 1 as tee_device_unregister() does one final tee_device_put() */
765         teedev->num_users = 1;
766         init_completion(&teedev->c_no_users);
767         mutex_init(&teedev->mutex);
768         idr_init(&teedev->idr);
769
770         teedev->desc = teedesc;
771         teedev->pool = pool;
772
773         return teedev;
774 err_devt:
775         unregister_chrdev_region(teedev->dev.devt, 1);
776 err:
777         pr_err("could not register %s driver\n",
778                teedesc->flags & TEE_DESC_PRIVILEGED ? "privileged" : "client");
779         if (teedev && teedev->id < TEE_NUM_DEVICES) {
780                 spin_lock(&driver_lock);
781                 clear_bit(teedev->id, dev_mask);
782                 spin_unlock(&driver_lock);
783         }
784         kfree(teedev);
785         return ret;
786 }
787 EXPORT_SYMBOL_GPL(tee_device_alloc);
788
789 static ssize_t implementation_id_show(struct device *dev,
790                                       struct device_attribute *attr, char *buf)
791 {
792         struct tee_device *teedev = container_of(dev, struct tee_device, dev);
793         struct tee_ioctl_version_data vers;
794
795         teedev->desc->ops->get_version(teedev, &vers);
796         return scnprintf(buf, PAGE_SIZE, "%d\n", vers.impl_id);
797 }
798 static DEVICE_ATTR_RO(implementation_id);
799
800 static struct attribute *tee_dev_attrs[] = {
801         &dev_attr_implementation_id.attr,
802         NULL
803 };
804
805 static const struct attribute_group tee_dev_group = {
806         .attrs = tee_dev_attrs,
807 };
808
809 /**
810  * tee_device_register() - Registers a TEE device
811  * @teedev:     Device to register
812  *
813  * tee_device_unregister() need to be called to remove the @teedev if
814  * this function fails.
815  *
816  * @returns < 0 on failure
817  */
818 int tee_device_register(struct tee_device *teedev)
819 {
820         int rc;
821
822         if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
823                 dev_err(&teedev->dev, "attempt to register twice\n");
824                 return -EINVAL;
825         }
826
827         rc = cdev_add(&teedev->cdev, teedev->dev.devt, 1);
828         if (rc) {
829                 dev_err(&teedev->dev,
830                         "unable to cdev_add() %s, major %d, minor %d, err=%d\n",
831                         teedev->name, MAJOR(teedev->dev.devt),
832                         MINOR(teedev->dev.devt), rc);
833                 return rc;
834         }
835
836         rc = device_add(&teedev->dev);
837         if (rc) {
838                 dev_err(&teedev->dev,
839                         "unable to device_add() %s, major %d, minor %d, err=%d\n",
840                         teedev->name, MAJOR(teedev->dev.devt),
841                         MINOR(teedev->dev.devt), rc);
842                 goto err_device_add;
843         }
844
845         rc = sysfs_create_group(&teedev->dev.kobj, &tee_dev_group);
846         if (rc) {
847                 dev_err(&teedev->dev,
848                         "failed to create sysfs attributes, err=%d\n", rc);
849                 goto err_sysfs_create_group;
850         }
851
852         teedev->flags |= TEE_DEVICE_FLAG_REGISTERED;
853         return 0;
854
855 err_sysfs_create_group:
856         device_del(&teedev->dev);
857 err_device_add:
858         cdev_del(&teedev->cdev);
859         return rc;
860 }
861 EXPORT_SYMBOL_GPL(tee_device_register);
862
863 void tee_device_put(struct tee_device *teedev)
864 {
865         mutex_lock(&teedev->mutex);
866         /* Shouldn't put in this state */
867         if (!WARN_ON(!teedev->desc)) {
868                 teedev->num_users--;
869                 if (!teedev->num_users) {
870                         teedev->desc = NULL;
871                         complete(&teedev->c_no_users);
872                 }
873         }
874         mutex_unlock(&teedev->mutex);
875 }
876
877 bool tee_device_get(struct tee_device *teedev)
878 {
879         mutex_lock(&teedev->mutex);
880         if (!teedev->desc) {
881                 mutex_unlock(&teedev->mutex);
882                 return false;
883         }
884         teedev->num_users++;
885         mutex_unlock(&teedev->mutex);
886         return true;
887 }
888
889 /**
890  * tee_device_unregister() - Removes a TEE device
891  * @teedev:     Device to unregister
892  *
893  * This function should be called to remove the @teedev even if
894  * tee_device_register() hasn't been called yet. Does nothing if
895  * @teedev is NULL.
896  */
897 void tee_device_unregister(struct tee_device *teedev)
898 {
899         if (!teedev)
900                 return;
901
902         if (teedev->flags & TEE_DEVICE_FLAG_REGISTERED) {
903                 sysfs_remove_group(&teedev->dev.kobj, &tee_dev_group);
904                 cdev_del(&teedev->cdev);
905                 device_del(&teedev->dev);
906         }
907
908         tee_device_put(teedev);
909         wait_for_completion(&teedev->c_no_users);
910
911         /*
912          * No need to take a mutex any longer now since teedev->desc was
913          * set to NULL before teedev->c_no_users was completed.
914          */
915
916         teedev->pool = NULL;
917
918         put_device(&teedev->dev);
919 }
920 EXPORT_SYMBOL_GPL(tee_device_unregister);
921
922 /**
923  * tee_get_drvdata() - Return driver_data pointer
924  * @teedev:     Device containing the driver_data pointer
925  * @returns the driver_data pointer supplied to tee_register().
926  */
927 void *tee_get_drvdata(struct tee_device *teedev)
928 {
929         return dev_get_drvdata(&teedev->dev);
930 }
931 EXPORT_SYMBOL_GPL(tee_get_drvdata);
932
933 static int __init tee_init(void)
934 {
935         int rc;
936
937         tee_class = class_create(THIS_MODULE, "tee");
938         if (IS_ERR(tee_class)) {
939                 pr_err("couldn't create class\n");
940                 return PTR_ERR(tee_class);
941         }
942
943         rc = alloc_chrdev_region(&tee_devt, 0, TEE_NUM_DEVICES, "tee");
944         if (rc) {
945                 pr_err("failed to allocate char dev region\n");
946                 class_destroy(tee_class);
947                 tee_class = NULL;
948         }
949
950         return rc;
951 }
952
953 static void __exit tee_exit(void)
954 {
955         class_destroy(tee_class);
956         tee_class = NULL;
957         unregister_chrdev_region(tee_devt, TEE_NUM_DEVICES);
958 }
959
960 subsys_initcall(tee_init);
961 module_exit(tee_exit);
962
963 MODULE_AUTHOR("Linaro");
964 MODULE_DESCRIPTION("TEE Driver");
965 MODULE_VERSION("1.0");
966 MODULE_LICENSE("GPL v2");
Source code of Linux-libre